Vulnerabilities > ENG > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-05 | CVE-2021-30056 | Cross-site Scripting vulnerability in ENG Knowage Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). | 5.4 |
| 2019-09-05 | CVE-2019-13190 | Improper Authentication vulnerability in ENG Knowage 6.1.0/6.1.1 In Knowage through 6.1.1, the sign up page does not invalidate a valid CAPTCHA token. | 5.3 |
| 2019-08-28 | CVE-2019-13189 | Cross-site Scripting vulnerability in ENG Knowage In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | 6.1 |
| 2018-06-13 | CVE-2018-12355 | Cross-site Scripting vulnerability in ENG Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | 6.1 |